cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firefighter role concept

patrickbachmann
Active Contributor

on ‎05-09-2016 8:10 PM

0 Kudos

Hi folks,

In SAP source system we have what we call a firefighter role where we can assign access so that a developer for example could have temporary access to production in order to troubleshoot a problem.  All firefighter access has an expiration date and is logged for auditor purposes.  I'm not aware of a way to do this within HANA studio security.  I thought about perhaps setting up special roles and then setting up audit on that role to keep a trail of who was granted access although it doesn't resolve the expiration issue.  I'm curious how have others handled this in HANA that may need the same type of access auditing/restriction?

Thanks!

-Patrick

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

wamorgao
Explorer
‎04-04-2022 12:33 PM
0 Kudos

Thanks to your explanation...

Show replies
Show replies
lbreddemann
Active Contributor
‎05-10-2016 7:15 AM
0 Kudos

SAP HANA comes with a SAP_INTERNAL_HANA_SUPPORT role that enables supporters to all/most of required accesses.

This role can only be given to users up to a maximum (of 10 I believe) users in parallel.

However, there is no automatic revocation of the assignment.

Assignment of the role can be audited via the standard HANA auditing.


Not sure this is what you're looking for.

Show replies
Show replies
former_member182997
Contributor
‎05-09-2016 8:55 PM
0 Kudos

The following concepts are important to understand emergency access management(firefight):

Firefighter: the user who requires emergency access

Firefighter ID: the user ID with elevated privileges.

Firefighting: the act of using a Firefighter ID to perform tasks in an emergency

Owner: the user responsible for a Firefighter ID and the assignment of controllers

and Firefighters

Controller: the user who reviews and approves (if required) the log files generated

from firefighting activities

Centralized Firefighting: using the GRC system as the centralized console

through which Firefighters can logon to different system for firefighting

Decentralized Firefighting: Firefighters can directly logon to the plug-in systems

for firefighting; using the GRC system only for maintaining emergency access

assignments and reporting

The above definitions are well explained and courtesy to the below book:

SAP Access Control 10.0 SP10

Hope it answers your query

Show replies
Show replies
patrickbachmann
Active Contributor
‎05-09-2016 9:02 PM
0 Kudos

Hi Aparajit, I understand the Firefighter concept as well as GRC which we have here however I'm talking about from HANA Studio security perspective.  I don't think any of this works with HANA security although please correct me if I'm wrong.  I searched through the document for mention of HANA security and found nothing.

Thanks,

-Patrick

Ask a Question